{"id":8892,"date":"2020-05-28T04:03:13","date_gmt":"2020-05-28T01:03:13","guid":{"rendered":"https:\/\/forklog.media\/?p=8892"},"modified":"2020-05-28T20:08:03","modified_gmt":"2020-05-28T17:08:03","slug":"does-your-phone-eavesdrop-on-you-it-can-but-not-necessarily-does","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/does-your-phone-eavesdrop-on-you-it-can-but-not-necessarily-does\/","title":{"rendered":"Does Your Phone Eavesdrop On You? It Can but Not Necessarily Does"},"content":{"rendered":"

Humans have a thing for patterns. Occasionally, our brains see things that aren\u2019t there or miss out on something in plain sight. In fact, there\u2019s a curious list<\/a> of cognitive biases that play part in false conclusions, poor decisions, and occasional conspiracy theories. When it comes to privacy and spyware controversies, the challenge is especially apparent. Speaking of spying, have you ever wondered if your phone listens in when it\u2019s not supposed to?<\/p>\n

<\/p>\n

In this piece, we explore the suggestion that smartphones are eavesdropping on people\u2019s conversations to target ads or worse, summarize the reasoning on both sides of the argument, and share some conclusions.<\/p>\n

Smartphones Have Tools to Threaten Our Privacy<\/h2>\n

There is a fair share of controversy surrounding the matter and the evidence is largely anecdotal<\/a>. Still, our phones have more than enough tech built-in to spy on what people say.<\/p>\n

With their phone nearby, a user has a private conversation with somebody about buying a set of silly hats for a friend\u2019s birthday. The phone listens in with a microphone or other means and pushes information from the conversation to a remote server somewhere on the internet. The information gets to advertising networks, which use it to learn more about the user\u2019s needs and behavior. This knowledge then can be used to serve targeted headgear-related ads to the user.<\/p>\n

\"Overview<\/a><\/p>\n

Overview of the smartphone eavesdropping threat model. Source: <\/i>Conference paper by Jacob Leon Kr\u00f6ger and Philip Raschke<\/i><\/a><\/p>\n

Smartphones come with microphones and most of them have motion sensors. In terms of hardware, this is plenty.<\/p>\n

The part about using a microphone to record conversations isn\u2019t surprising as all the magic is in the software. Using gyroscopes and accelerometers for the purpose is less intuitive, these tools are meant to tell the phone\u2019s rotation and movements, not really to capture sound.<\/p>\n

To tell the rotation, gyroscopes in modern smartphones use the same methods as flies, which are known for their aerobatic prowess. Both come with tiny vibrating structures: flies have club-like organs called halteres<\/i> on their back and MEMS gyroscopes<\/a> have a piece of material wiggling inside an enclosure. A pendulum swinging back and forth will resist forces trying to make swing side to side. You can measure and interpret this behavior to tell the rate of rotation.<\/p>\n

Smartphone accelerometers<\/a> also typically include a frame with a springy bit. The bit stays still when the phone isn\u2019t moving and will try to stay still when you move the phone. A similar effect can be observed when somebody leaves a coffee cup on the roof of their car and drives off: inertia makes the cup reluctant to accelerate with the rest of the car, especially when full of coffee. Respectively, you can interpret the relative motion of the springy bit inside the accelerometer to tell the phone\u2019s acceleration in space.<\/p>\n

Both tools aren\u2019t made for sound, but they do register vibrations, which are sound when the frequency is right. Over the past several years researches have shown that it is possible to get readable speech samples with gyroscopes<\/a>, with accelerometers<\/a>, and with both simultaneously<\/a>. The reported quality tends to be bad and the studies were limited, but the capabilities are there.<\/p>\n

When it comes to the software, German researchers Kr\u00f6ger and Raschke point out<\/a> three layers, at which an attack can be pulled off: the operating system level, the application level, and the library level. This means that OS providers like Google and Apple have the means to access the hardware and manage recordings, but so do apps and even particular third-party libraries strapped onto them.<\/p>\n

Normally, apps have to get the user\u2019s initial permission to use the phone\u2019s sensors. The problem is that an app can do whatever it needs with that piece of hardware after that single permission is given. An app may refuse to work without certain permissions and users tend<\/a> to choose the benefits of a new app over privacy precautions. The actual permission requested may not even be relevant to the functions of the app. A user may simply grant the initial permissions to an app without paying much attention allowing a random calendar app to access cameras, messages, and microphones with zero hesitation. On top of that, there are ways to circumvent the permission system at least in Android devices<\/a>.<\/p>\n

Given all that, it\u2019s not much of a stretch to assume that some big bad companies, government agents may be using people\u2019s mobile devices to serve targeted ads and justice.<\/p>\n

But They Aren\u2019t Necessarily Eavesdropping<\/h2>\n

There is no clear community consensus as to whether our phones are eavesdropping for the benefit of advertising networks. No evidence of hidden recording and data transmission have been found<\/a> yet.<\/p>\n

One of the arguments<\/a> against the spying smartphones assumption is that there are numerous other ways to do profiling that doesn\u2019t involve listening to private conversations. Website cookies, online trackers, invisible pixels, and many other means of monitoring users\u2019 behavior are nothing new. Algorithms can process the information from our digital footprint to learn quite a lot about us. This can potentially explain why people occasionally get those spooky ads that coincide with a previous conversation but are seemingly irrelevant to anything they did online.<\/p>\n

In addition, for large companies like Google, Apple, or Facebook, it isn\u2019t really feasible to resort to such questionable practices. They already have a lot of data on users and all the analytic capacities to target ads and make profits. There is little apparent reason to risk having reputational and legal problems just to get that extra bit of information.<\/p>\n

Another argument is that the coincidences between private conversations and targeted ads can be just that: coincidences. Back in 2015, a researcher concluded<\/a> that an average person in the U.S. was being exposed to somewhere between 4,000 and 10,000 ads each day. To be fair, that particular study involved all kinds of ads, not just online, and the study was limited to the author himself, but it gives a hint about the scale of ad bombardment. Given that there are about 4 billion<\/a> internet users, some of them are bound to stumble upon an unnervingly coincidental ad. Falling victim to the selection bias, people may be finding links where there are none.<\/p>\n

Considering all of the above, what we\u2019ve got is the fact that our smartphones are very much capable of spying in terms of hardware in software, but there is no proof that they have tapped into that potential. There is also little apparent reason for companies to go for it, given the risks and hassle.<\/p>\n

Unfortunately, this doesn\u2019t mean that no spying takes place right now or will take place in the future. It also doesn\u2019t mean that our privacy is protected from all the other perils of surveillance capitalism.<\/p>\n

Though It\u2019s Better to Take Reasonable Precautions<\/h2>\n

While tech companies Google and Apple, as well as independent researchers, screen apps for malicious code, there are many things left to consider on the user\u2019s side.<\/p>\n

Using unofficial apps is an obvious risk to avoid. The same goes for giving permissions indiscriminately. Both Android and iOS have a way to show the list of all permissions so the user can check and recall the ones they aren\u2019t sure about. Sadly, if an app had access to the phone\u2019s sensors and memory before, recalling permission isn\u2019t going to help.<\/p>\n

Still, search engines, online trackers, internet providers, and websites will be taking notes even if you would physically remove the sensors in your phone.\u00a0 Whichever device you are using, opt for privacy-focused search engines, browsers, and messengers, be considerate of shady links and sites on the web, avoid public wireless networks, and use a VPN. Privacy requires a blanket approach, it\u2019s not just potentially nosey phones.<\/p>\n

Follow us on\u00a0<\/b>Twitter<\/b><\/a>\u00a0and\u00a0<\/b>Facebook<\/b><\/a>\u00a0and join our\u00a0<\/b>Telegram channel<\/b><\/a>\u00a0to know what\u2019s up with crypto and why it\u2019s important.<\/b><\/p>\n","protected":false},"excerpt":{"rendered":"

Humans have a thing for patterns. Occasionally, our brains see things that aren\u2019t there or miss out on something in plain sight. In fact, there\u2019s a curious list of cognitive biases that play part in false conclusions, poor decisions, and occasional conspiracy theories. When it comes to privacy and spyware controversies, the challenge is especially […]<\/p>\n","protected":false},"author":6,"featured_media":8894,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"human_written","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[198],"tags":[516,573,773,1113],"class_list":["post-8892","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-opinion","tag-advertising","tag-privacy","tag-smartphones","tag-surveillance"],"aioseo_notices":[],"amp_enabled":true,"views":"900","promo_type":"1","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/8892","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=8892"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/8892\/revisions"}],"predecessor-version":[{"id":8896,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/8892\/revisions\/8896"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/8894"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=8892"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=8892"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=8892"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}